PHP Web Hosting Project.

Hey! I'm making a web hosting site as a hobby project. And my problem is that anyone could upload php files and then read my root files or whatever they want. So could I do so their php files could just read from their own directory?

My structure is like this: htdocs/ (with all pages) htdocs/user1/ htdocs/user2/ etc.

Thx for any help.

I haven't used this, but look into .htaccess and .htpasswd files. They allow you to determine who gets to access your files and which files the can have access to. http://www.google.com/search?client=opera&rls=en&q=.htaccess&sourceid=opera&ie=utf-8&oe=utf-8

What pwzall said or you could use regex on their files to check for things that could compromise your site. I have a website such as the one you describe, but I sorta rely on the people not knowing how to hack it to protect it :p. It would be fairly easy though. Who will be using your website?

Nothing seems to be working. The user can easily upload shell scripts or get any file on the computer. So is there a way to just let the users php files read from their own subdirectory?

ranma wrote: Who will be using your website? Probably nobody x) But security is the most important piece in this project.